EPSRC iCase studentship in Cyber Security Analytics: Deception Approaches for Critical National Infrastructure (with Thales)

Lead Research Organisation: Cardiff University
Department Name: Computer Science

Abstract

Attacks on Critical National Infrastructure (CNI), such as the energy, transport management, and supplies sectors, may have disastrous consequences. Such attacks may be performed by a variety of threat actors, including lone individuals, crime organisations, and nation states. Likewise, the goals of the attacks comprise a wide range, such as attention-seeking, terrorism, monetary gain, and cyber warfare. Attackers may use a large array of approaches to reach these goals. They may perform pure cyberattacks - which can be executed from anywhere in the world.

Deception provides a virtual environment that resembles the actual physical environment as closely as possible, in order to fool the attacker into believing they are attacking the real system.

Deception has two aims:

1. Enabling the study of attackers' Tools, Techniques, and Procedures (TTPs) within a secure environment. This supports the gathering of threat intelligence. One well-known instance is the classical "honeypot" approach.
2. Defending the system by drawing attackers' attention and effort away from the real environment into the virtual one.

We are seeking an enthusiastic, creative and technically skilled candidate for an exciting and unique fully-funded scholarship opportunity to study deception in the context of cybersecurity for critical national infrastructure. The result of this PhD will be novel research that addresses a subset of the challenges outlined below, and begins to develop a realistic technical implementation. The successful candidate will be supported by internationally recognised researchers at Cardiff University's NCSC Academic Centre of Excellence for Cybersecurity Research, as well as industry experts and world class testbeds at Thales' National Digital Exploitation Centre (NDEC). You will join the EPSRC DTP Hub in Cyber Security Analytics at Cardiff University, becoming part of an interdisciplinary cohort of students studying the human and algorithmic aspects of AI in the context of cybersecurity.

Objectives

This project will investigate existing deception approaches for CNI systems in both the academic and the industrial domain. Due to the context, there are many intellectual, scientific and technical challenges to be addressed:

1. Realistic systems: The deception system must appear realistic in order to convince the attacker. Hence, its components and topology must closely match the real system. This is made particularly challenging by the fact that attackers may attack the system not just in cyberspace. Therefore, the deception system will have to emulate not just digital components, but social and physical systems as well.
2. Realistic responses: The system must react to attacks in a convincing way. As attackers can monitor the success of their attacks in the physical world and in the media, these must be covered as well.
3. Scalability: Depending on the real system in question, CNI may involve a large number of diverse components. This raises questions of emulating those in a scalable way without replicating the original system in its entirety.
4. Automation: Generating an instance of the deception system for a particular real system cannot be done manually. Therefore, the project must support the automated discovery and matching of a real system, including components, topology, and behaviour.
5. Publicity and impact: The deception system will operate within an intellectually challenging field. On the one hand, some information needs to be publicised in order for it to operate (see (2), above). On the other hand, generating false information about attacks on a CNI may cause problems. In addition, the fact that a deception system is in operation should not be publicised.

Studentship Projects

| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/W521978/1 | | | 01/10/2021 | 30/09/2026 | |
| 2599518 | Studentship | EP/W521978/1 | 01/10/2021 | 10/05/2023 | Andrew Bolton |